Directory browsing is a feature in WordPress which allows users to browse through the files and directories inside of a WordPress site. This can be helpful for administrators who are looking for specific files or for users who want to find a specific post or page. However, many users find directory browsing to be cluttered and confusing, and they would prefer to disable it altogether.
Table of Contents
What Happens When We Disable Directory Browsing in WordPress?
When we disable directory browsing in WordPress, the index.php file is served rather than a list of the directory’s contents. This can be useful for security purposes, as it prevents unauthorized users from viewing the contents of your directories. It can also be used to hide files and directories from public view.
Why Disable Directory Browsing?
Directory browsing can be a security risk, as it can allow unauthorized users to view the contents of your website’s directories. Enabling directory browsing in WordPress makes your website vulnerable to attack, as it allows anyone who knows the web address of one of your folders to view its contents. It is therefore recommended that you disable directory browsing in WordPress to protect your website’s security.
How to Check if Directory Browsing is Enabled in WordPress
The easiest method to check whether directory browsing is enabled on your WordPress website is by accessing https://example.com/wp-includes/.
You’ll need to replace the example.com site with your website’s URL. If you receive a 403 Forbidden or similar message, directory browsing is currently disabled on your WordPress website.
If you have a list of files and directories, it indicates that directory browsing is enabled for your website.
How to Disable Directory Browsing
To enable directory listing, you will need to include some code in your site’s .htaccess file.
To gain access to the file, you will need to utilize an FTP client, or the File Manager app inside your WordPress hosting control panel.
If this is your first time using FTP, then you can read our complete guide on our website for connecting to your site using FTP.
Once you are connected to your hosting account and you are in the file manager, you need to locate the public folders, it depends on your hosting type, in cPanel based hosting the public folder is known as public_html, it can be www folders as well on non cPanel based hosting, once you are in a public folder, you will see a list of files, just right-click on the .htaccess file and click edit, after clicking the edit button the .htaccess file will be open in the editor.
You simply need to add this line at the bottom of the file and save it and upload it.
Options -Indexes
once you took these steps, simple open http://example.com/wp-includes/ (remember to replace your domain name with example.com), if you see a 403 forbidden error then it is confirmed that you have disabled the directory listing in WordPress.
Disabling directory browsing in WordPress is a good way to protect your site from unauthorized access. If you are not sure how to do this, there are plenty of resources available online that can help you. By following these simple steps, you can rest assured that your website is safe and secure.
